Naveen Kumar

About Candidate

Education

Bachelor of Technology Degree in Computer Science and Engineering 2007
IP University – Delhi

Work & Experience

Security Specialist Sep 07 - April 10
IBM India Pvt. Ltd

Role and responsibilities included management of security operations and performing the quarterly and monthly delivery items for security operational activities such as User ID Management, Vulnerability Assessment, Security Health Check, Patch Management and Application Security.

Consultant GRC April 10 - July 11
Wipro Infotech

Role and responsibilities included management of security operations and supporting the audit and governance team in delivering the contractual obligations of the client. During the tenure, worked on various domains: IT Sector, Telecom, Banking, Core IT, Software development.

Security Specialist Jul 2011 - Oct 2014
IBM India

• Leading and managing multiple customer audits, IT General Control audits, certification audits, and various internal IBM audits
• Performing internal review of artifacts submitted to the audit team
• Managing the Key Control of Operations review, one of the rated reviews of the organization at the India-South Asia level
• Managing and handling reviews of transition and transformation accounts for the organization
• Tracking business IS risks and issues and assisting with the implementation of action plans that ensure timely remediation of the risks/issues
• Providing security consultation and assurance to management, business units and internal customers on protection of business information by integrating controls, policies, processes, and procedures
• Recommending process improvements/enhancements to existing compliance programs and acting as a change agent for new or modified policies/procedures based on the evolving regulatory landscape
• Handling issues to the satisfaction of the client and communicating risk to the business
• Performing application security assessments for applications based on OWASP guidelines
• Developing technical specification guidelines for devices and subsystems present in the environment
• Validating security parameters on OS, DB and application as per the guidelines
• Evaluating security tools to be deployed in the environment from a security and compliance perspective
• Assisting in formulating the third-party security audit calendar to ensure comprehensive coverage of samples of all types
• Monitoring the closure of gaps identified in the third-party security audit and disseminating learning across the segment of third parties based on the sample audit
• Ensuring measurements are in place that trend progress of IT compliance with regulations and standards and articulate maturity in IT compliance programs

Country Risk and Compliance Lead Oct 2014 - Present
Philippines

• Managing and leading the security delivery of SO accounts and portfolio in the Philippines
• Setting up initial security baselines for newly transitioned accounts and aligning them with IBM's management system
• Setting up account procedures and operationalizing them as per the contracted services
• Implementing tools and processes related to compliance monitoring, governance and internal audits
• Leading and conducting compliance assessments and IS audits for the business functions and submitting assessment reports to management with information security standards
• Setting up operational metrics and designing the project plan to achieve these metrics within defined resources
• Delivering technical specification documents and holding discussions with the customer to finalize system hardening guidelines
• Identifying and highlighting business-related IT risks in the environment after a thorough walkthrough of the data center and other areas
• Documenting and agreeing with the customer on threats identified in the environment, bringing up a plan to mitigate these threats, and building up a governance mechanism
• Setting up tracks for the account for the transformation phase and on-boarding the account in various internal tools for reporting and governance
• Acting as audit interface and managing end-to-end audit program adherence to audit strategy and plan
• Leading and interlocking teams in all phases of audit: initial engagement, data responses, onsite or offline review or testing, defect discussions, audit report finalization
• Acting as after-care SPOC for audit and review, including root cause determination, adherence to action plan, closure artefacts submission and audit point closure
• Reducing process-related observations through enhancements in the process improvement and process compliance postures
